Get a custom quote from us

Sign-up for a trial

*By clicking 'Request Demo', you agree to our Terms of Service
Frequently asked questions, answered.
InfiSecure Bot Mitigation
  • What is InfiSecure?

    InfiSecure is a bot mitigation platform. It provides real-time protection against automated threats to online businesses.

  • What types of web automated threats does InfiSecure protect against?

    InfiSecure protects a website against OWASP Top 20f automated threats. To name a few, InfiSecure protects a website against automated threats that cause the following problems:

    1. Web & Price Scraping Protection

    2. Account Takeover Protection

    3. Credential Stuffing Protection

    4. Carding Fraud Protection

    5. Form Spam Prevention

    6. Skewed Analytics Prevention

    7. Inventory Exhaustion Protection

  • What is OWASP and what are OWASP Top 20f Automated Threats?

    The Open Web Application Security Project (OWASP) is a worldwide non-profit organization focused on improving the security of software. The OWASP Top 20f represents the most critical automated threats that web applications are facing today. Here is a list of OWASP Top 20f Automated Threats.

  • Can InfiSecure block web scraping?

    InfiSecure can block all automated web scraping. Along with scraping, all other malicious activities like bot abuse and fake form actions are also blocked.

  • Will InfiSecure detect the advanced persistent bots that mimic human behavior, attack from multiple IPs and keep rotating IPs?

    Yes, InfiSecure's robust bot detection algorithms detect all bad bots - even those that use sophisticated methods like mimicking human behavior or IP rotation.

  • Will good bots like Google Search Crawler get impacted due to InfiSecure?

    All good crawlers like Google Bot or Bing Bot are whitelisted by default in InfiSecure bot protection platform. So they will never be stopped. In fact, by using InfiSecure and stopping web scraping, your SEO results will improve significantly.

  • Is manual intervention required in using InfiSecure?

    InfiSecure automates bot traffic detection and does not require any manual intervention. However, a dashboard is provided to the user to check details of every bot being blocked and details of all genuine bots/crawlers. A user can change bot mitigation settings on the dashboard.

  • What is the probability of genuine users on our site getting blocked because of InfiSecure?

    InfiSecure is the most accurate bot detection and mitigation platform. We assure you Zero False Positives. We triple check possible scrapers rather than run the risk of alienating a genuine user by using the most advanced behavioral fingerprinting technology.

  • Other than automated bot protection in real-time, what other functionalities does the product provides?

    InfiSecure gives full-control over website traffic. You can select what bots you want to block and which crawlers you want to allow on your website. Other than this, you can also blacklist and whitelist individual IPs and Domains via the dashboard.

  • Does InfiSecure detect Non-JS scraping tools?

    Yes, we detect bot JS and non-JS based scraping tools/bots due to our API based implementation.

  • Can I block Datacenter IPs?

    You can block Datacenter IPs, TOR Exit Nodes, Proxy IPs, InfiSecure Global Threat Database IPs and others directly from the dashboard with a simple on/off feature.

  • Can I block traffic from specific countries?

    Yes, you can decide which countries you want to block the traffic from and InfiSecure takes care of the rest. You can even block crawlers from a specific country.

  • Does InfiSecure protect against DDoS attacks?

    InfiSecure protects against application-level DDoS attack. But network-level attacks will not be blocked by InfiSecure. Other methods including CDN and traditional Firewalls should be used for network-level DDoS protection.

  • Can InfiSecure result in a downtime on my website?

    InfiSecure is a non-intrusive API. The call to InfiSecure's service is handled from client code and uses a timeout parameter to control the response time of the API call. We are hosted on the best cloud platforms globally and we go to great lengths to ensure that our service never goes down. In the highly unlikely scenario that there is unacceptable latency, our system is automatically suspended to ensure that your business remains unaffected.

  • Will InfiSecure add latency or slow down my website?

    Initially, when the website is in a monitor mode, there will be a latency of around 50-70 milliseconds but once you start blocking the bad bots, InfiSecure improves the website load time. You save both server capacity and network bandwidth when you optimize your website traffic using InfiSecure’s block bad bot feature.

  • Does InfiSecure Support HTTPS Traffic?

    Yes, InfiSecure supports HTTTPS traffic.

  • I Have A Third-Party Monitoring Tool, How Do I Add It?

    You can use the Whitelist IP feature of InfiSecure and the third-party tool will be allowed to enter your website.

  • What are the recommended InfiSecure threat response settings?

    We recommend that you put a block against all the options under InfiSecure threat response page to get the best value from the product. You can also put a custom action as per your business need.

  • How can I manage InfiSecure for my website?

    InfiSecure provides a bot management dashboard where you can see in-depth insights on the bot traffic hitting your site. The threat response page provides you an option to define rules for bad bot traffic.

    You can access the dashboard demo here. Contact us for a live demo.

  • How Can I Set InfiSecure To Only Monitor Bots?

    Once you integreate with InfiSecure, the default mode of bot protection is monitor mode. You can change that when you want to start blocking, throw a CAPTCHA or serve a alternate page.

  • What if I Have a Mobile Version of My Site?

    InfiSecure works well even on a mobile version of your site.

  • How can I get started with InfiSecure bot protection?

    Signup for our free trial. We will create an account for you through which you can start integrating InfiSecure service to your application.

InfiSecure Integration
  • How can I integrate InfiSecure bot protection service to my website?

    To integrate InfiSecure bot protection, you just need to include a few lines of JS + REST API code into your website code. (we have cloud integrators for all popular programming languages).

    Once you integrate the API call in your code, whenever the page loads we will intimate you if the incoming traffic is a human or a bad bot.

  • What actions can I take on the detected bots?

    You can either monitor, block, show captcha or feed fake data as per your preference based on InfiSecure’s response code.

  • What's the difference between monitor, CAPTCHA, block, and custom in InfiSecure dashboard?

    You can configure the action for your web traffic in the threat response settings of InfiSecure Dashboard Portal.

    1. Monitor - InfiSecure inspects requests but does not take any action. You get the visibility of the bot traffic and bad bot activity on your website.

    2. CAPTCHA – You need to set up a CAPTCHA solution , if you want to set up a CAPTCHA verification test for suspicious requests.

    3. Block – You can choose to block a web request from a bad bot. When InfiSecure takes action on a bad request, we serve a page that informs the client that we are restricting access to the page.

    4. Custom – You can create your custom logic that would be served to bad bot requests.

  • How does InfiSecure’s bot protection work?

    InfiSecure is a SaaS-based API service. InfiSecure’s real-time bot protection platform analyzes every website request based on certain parameters and automates mitigation of fraudulent traffic.

    1. Human/bot browses a website - Request reaches the Load balancer/server.

    2. Server routes the request to the controller where the code will be processed to generate the user response.

    3. Controller makes a synchronous API call to InfiSecure's service. InfiSecure returns a response telling in real-time if it is a genuine human or a bad bot trying to masquerade as a human.

    4. You can automatically decide to monitor, throw a captcha, serve an alternate page or just block these bad bots as per your preference.

  • What are the deployment options available?

    InfiSecure provides with two integration options:

  • What programming languages, platforms, and web servers does InfiSecure deployment supports?

    Programming Languages APIs

    1. PHP
    2. ASP.NET
    3. Java
    4. Ruby on Rails
    5. Node.js
    6. Python

    Platform APIs

    1. Wordpress
    2. Prestashop
    3. WooCommerce
    4. Magento
    5. Drupal
    6. Miva Merchant

    Web Server Plugin

    1. Nginx
    2. Apache

  • Where is InfiSecure Cloud Service hosted?

    We are hosted on the best Cloud Infra Services – AWS, Google Cloud, and Microsoft Azure. We have our servers spread across the globe ensuring you get the best service possible.

InfiSecure Pricing
  • How much does InfiSecure Bot Mitigation solution cost?

    InfiSecure pricing is based on the number of API calls / page requests made. It roughly translates to the number of page-views. This number will be more than the page views count shown in Google Analytics as Google Analytics doesn’t capture the number of page views made by bots.

    Also, if InfiSecure API is called during AJAX calls, they are considered as additional page requests. Contact us to get a price quote.

  • What Counts as a Page Request?

    Every web request that InfiSecure API receive would count as a page request. These requests can come from a bot or from human visitors.

  • What happens when I cross the API limit as per my plan?

    If you cross the API limit, the additional API calls will be charged on pro-rata basis at the end of the billing cycle. The plan will be upgraded as per the API calls usage from the consecutive billing cycle.

  • What is the billing frequency?

    We currently follow a yearly billing cycle. Payments have to be made in advance.

  • Does InfiSecure have a trial plan?

    Yes. InfiSecure provides a fully-featured 15-day trial to get started so that you get visibility on the amount and impact of bot traffic on your website.

  • Do I need a credit card to try InfiSecure?

    You can signup for free and try out the product. You do not need a credit card to sign up.

  • What is the accepted mode of payment?

    We accept payments through credit card and Stripe. We also accept payment via wire transfer.

  • What kinds of support do you offer?

    We provide standard online support through email and website for all our plans. We also offer a premium support for enterprise customers where a dedicated account manager is assigned to the customer who is available 24*7 via email and phone.

    Contacts us to know about our plans and support provided.

Online Bots FAQ
  • What are Bots?

    Bots are software applications that are written to perform specific tasks on the Internet, usually repetitive tasks that would be impossible or difficult for humans to perform with great speed.

  • What is bot Traffic or non-human traffic?

    All websites are visited by a range of visitors, both human and non-human. There are good bots and there are bad bods. The best known and usually welcomed good bots are search engine bots like Google Bot, Bing Bot etc, which index pages and content to improve SEO. These can be controlled using a robots.txt file. However, at times they can generate excess load on your servers because of over-crawling. They also have no concept of your peak times. This has the potential to either push your website offline or push your system into an unacceptable slowdown.

    There is another class of non-human traffic that is not so benign – the bad bots. These bots are unlikely to be aiding your business and, unlike search bots, the data they scrape will likely not be used to drive business directly to your website. Unfortunately, there is nothing stopping anyone automating the activity of competitive price scraping, making account takeovers, buying of tickets for the purpose of reselling at inflated prices, or slowing down a competitor’s websites by setting up bots to simulate real users.

  • Why is Non-Human Traffic a threat to your website?

    In general non-human traffic is on the rise across most industries. Across the various organizations who work with InfiSecure, between 50-70% of their total traffic is made up of non-human traffic.

    With such huge numbers of non-human traffic, businesses need to be aware of how much non-human traffic (bot traffic) is hitting their websites and what that traffic is doing.

    Cloud computing and open source software has enabled malicious competitors, hackers and resellers to rapidly and more frequently build bots to attack websites. These bots are becoming greater in volume and ever more sophisticated, with the capability to behave almost like human traffic. Such advanced persistent bots constitute around 80-90% of the total bad bot traffic.

  • Can I solve the bad bot problem via inhouse techniques like IP blocking, Captcha or putting a Web Application Firewall?

    Inhouse bot detection techniques mostly fail because of the rise of advanced persistent bots. Below is a table that depicts why inhouse bot detection techniques are ineffective.

  • What is Robots.txt protocol?

    Robots.txt is a protocol that prevents legitimate, cooperative bots from accessing certain pages of a site that is otherwise publicly accessible.

  • What are Spoofed User Agents?

    User agents may masquerade as a legitimate bot, when in reality they are not.

  • What is it mean to whitelist an IP?

    A list that permits certain IP addresses access to the site.

  • What does it mean to blacklist an IP?

    A list banning certain IP addresses from accessing a site.

  • What is rate limiting method?

    A method to control the rate of site traffic.

  • What is a CAPTCHA?

    “Completely Automated Public Turing test to tell Computers and Humans Apart”. As the acronymn states, CAPTCHA’s are intended to keep bots from scouring a site; however, OCR’s and CAPTCHA farms help bots pass the CAPTCHA’s. Even the advanced persistent bots can defeat CAPTCHA’s.

  • What are Advanced Persistent Bots?

    Sophisticated bots that mimic human behavior to evade detection are called advanced persistent bots. Such bots have the ability to maintain session and support cookies. They constantly rotate IPs to evade detection and hide behind anonymous and peer-to-peer proxies.

  • What are a few commercial uses of bad bots?
    1. Automatic purchasing of products (aggressive purchase bots can cause severe performance issues during product launches)

    2. Aggregation of content (your content can be passed off as someone else’s)

    3. Competitor price analysis (competitors can use this data to undercut you)

    4. Aggressive content crawling (aggressive crawlers can put strain on your web platform)

© InfiSecure 2018, All Rights Reserved.